root&beer
Web enumeration techniques for penetration testing using Gobuster, Ffuf, Dirb, and Nuclei to discover directories, files, virtual hosts, API endpoints, and security weaknesses in web applications during security assessments.
Photographer contains multiple exploits and misconfigurations. Starting with retrieving credentials from Samba shares then exploiting Koken CMS to gain a reverse shell. LinPEAS revealed MySQL credentials and a SUID PHP binary, enabling privilege escalation to root.
The "Corrosion: 1" CTF involved exploiting log poisoning and path abuse for remote command execution and privilege escalation. Key steps included cracking a ZIP file password and exploiting a vulnerable script to gain root access, culminating in the capture of the root flag.
